I don't know if it really comes down to preference or performance, but I was wanting some opinions on this. Should I let JAVA Security MD5 my passwords so that I can insert and verify passwords stored in MySQL, or should I just use MySQL's MD5 function in the SQL Statement? The only thing I am concerned with if letting MySQL handle this is if I want to support different DB Vendors. [ September 19, 2003: Message edited by: Gregg Bolinger ]
I like to let the database do it, although I agree that it is something that may introduce vendor-lockin. The reason I prefer it in the database is that it enforces password security in the database. If Java is responsible you run the risk of someone accidentally or deliberately not encrypting the password.